sulogin: remove suid paranoia code, explain why it's not necessary

function                                             old     new   delta
sulogin_main                                         325     270     -55

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
This commit is contained in:
Denys Vlasenko 2016-03-30 17:27:32 +02:00
parent 8ac6effb02
commit 32c08acba3


@ -32,6 +32,14 @@ int sulogin_main(int argc UNUSED_PARAM, char **argv)
struct passwd *pwd; struct passwd *pwd;
const char *shell; const char *shell;
/* Note: sulogin is not a suid app. It is meant to be run by init
* for single user / emergency mode. init starts it as root.
* Normal users (potentially malisious ones) can only run it under
* their UID, therefore no paranoia here is warranted:
* $LD_LIBRARY_PATH in env, TTY = /dev/sda
* are no more dangerous here than in e.g. cp applet.
*/
logmode = LOGMODE_BOTH; logmode = LOGMODE_BOTH;
openlog(applet_name, 0, LOG_AUTH); openlog(applet_name, 0, LOG_AUTH);
@ -47,18 +55,9 @@ int sulogin_main(int argc UNUSED_PARAM, char **argv)
dup(0); dup(0);
} }
/* Malicious use like "sulogin /dev/sda"? */
if (!isatty(0) || !isatty(1) || !isatty(2)) {
logmode = LOGMODE_SYSLOG;
bb_error_msg_and_die("not a tty");
}
/* Clear dangerous stuff, set PATH */
sanitize_env_if_suid();
pwd = getpwuid(0); pwd = getpwuid(0);
if (!pwd) { if (!pwd) {
goto auth_error; bb_error_msg_and_die("no password entry for root");
} }
while (1) { while (1) {
@ -92,7 +91,4 @@ int sulogin_main(int argc UNUSED_PARAM, char **argv)
/* Exec login shell with no additional parameters. Never returns. */ /* Exec login shell with no additional parameters. Never returns. */
run_shell(shell, 1, NULL, NULL); run_shell(shell, 1, NULL, NULL);
auth_error:
bb_error_msg_and_die("no password entry for root");
} }
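Review bot: The new comment at the top of sulogin_main (first hunk) states that the applet is not suid and that no environment or tty sanitizing is therefore needed, but nothing in the hunks points to where that property is enforced; since the comment is now the only thing standing in for the removed `isatty` check and `sanitize_env_if_suid()` call (second hunk), it should name the place the non-suid status is declared, e.g. `* (see the applet table entry for sulogin: <SUID-FLAG-FROM-APPLET-TABLE>)`, so a later change to that entry is checked against this assumption. The same comment has a typo, `malisious` → `malicious`. With the up-front tty check gone, a non-tty descriptor passed as the tty argument is no longer rejected with "not a tty" but presumably fails later at the prompt or read; a sentence in the comment saying that this is the intended failure path would save the next reader from re-adding the check — confirm against the prompt code, which is outside the hunks. sulogin_main's body continues outside the hunks.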